Field | Value |
---|---|
Created | 2025.04.03 09:46 |
Machine | s1_win7_x6401 |
Filename | pxcc.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
ZERO API | file : malware |
VT API (file) | 22 detected (AIDetectMalware, malicious, confidence, Midie, high confidence, TrojanX, Udochka, lyKTgQA84Q, Wacatac, Osmw) |
md5 | a6799120a6cd0a439e69cef0b39766f1 |
sha256 | e2f2eadd2865cc21f36f641be666beaab4e97ccd2c56ba522846d1dd89f3a484 |
ssdeep | 3072:noUA2/r2Z8IYrb4fAl/6tTM4atD0cm53jVnw31fzXom6oxsHVB4LpRvDs7fmbQ/L:/2ol/6tw4atQJ53jVn2pjkB4WPb |
imphash | bdcc417182aff23aa735853592246a3c |
impfuzzy | 24:QDMJcpVWPrr02tdS1mBgdlJBl3eDoro3v1GM+AaZxFpOovbOPZY1:HJcpVSrftdS1mBgDpX6cZ83O1 |
Signature (2cnts)
Level | Description |
---|---|
warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
info | This executable has a PDB path |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Suricata ids
PE API
IAT (Import Address Table)
ADVAPI32.dll
0x14002b000 GetUserNameA
KERNEL32.dll
0x14002b010 FindFirstFileA
0x14002b018 FindNextFileA
0x14002b020 FindClose
0x14002b028 GetFileAttributesA
0x14002b030 MultiByteToWideChar
0x14002b038 WideCharToMultiByte
0x14002b040 LCMapStringEx
0x14002b048 EnterCriticalSection
0x14002b050 LeaveCriticalSection
0x14002b058 InitializeCriticalSectionEx
0x14002b060 DeleteCriticalSection
0x14002b068 EncodePointer
0x14002b070 DecodePointer
0x14002b078 CompareStringEx
0x14002b080 GetCPInfo
0x14002b088 GetStringTypeW
0x14002b090 RtlCaptureContext
0x14002b098 RtlLookupFunctionEntry
0x14002b0a0 RtlVirtualUnwind
0x14002b0a8 UnhandledExceptionFilter
0x14002b0b0 SetUnhandledExceptionFilter
0x14002b0b8 GetCurrentProcess
0x14002b0c0 TerminateProcess
0x14002b0c8 IsProcessorFeaturePresent
0x14002b0d0 IsDebuggerPresent
0x14002b0d8 GetStartupInfoW
0x14002b0e0 GetModuleHandleW
0x14002b0e8 QueryPerformanceCounter
0x14002b0f0 GetCurrentProcessId
0x14002b0f8 GetCurrentThreadId
0x14002b100 GetSystemTimeAsFileTime
0x14002b108 InitializeSListHead
0x14002b110 SetEndOfFile
0x14002b118 RtlUnwindEx
0x14002b120 RtlPcToFileHeader
0x14002b128 RaiseException
0x14002b130 GetLastError
0x14002b138 SetLastError
0x14002b140 InitializeCriticalSectionAndSpinCount
0x14002b148 TlsAlloc
0x14002b150 TlsGetValue
0x14002b158 TlsSetValue
0x14002b160 TlsFree
0x14002b168 FreeLibrary
0x14002b170 GetProcAddress
0x14002b178 LoadLibraryExW
0x14002b180 ExitProcess
0x14002b188 GetModuleHandleExW
0x14002b190 GetModuleFileNameW
0x14002b198 GetStdHandle
0x14002b1a0 WriteFile
0x14002b1a8 GetFileSizeEx
0x14002b1b0 SetFilePointerEx
0x14002b1b8 GetFileType
0x14002b1c0 FlushFileBuffers
0x14002b1c8 GetConsoleOutputCP
0x14002b1d0 GetConsoleMode
0x14002b1d8 HeapFree
0x14002b1e0 CloseHandle
0x14002b1e8 HeapReAlloc
0x14002b1f0 HeapAlloc
0x14002b1f8 FlsAlloc
0x14002b200 FlsGetValue
0x14002b208 FlsSetValue
0x14002b210 FlsFree
0x14002b218 LCMapStringW
0x14002b220 GetLocaleInfoW
0x14002b228 IsValidLocale
0x14002b230 GetUserDefaultLCID
0x14002b238 EnumSystemLocalesW
0x14002b240 ReadFile
0x14002b248 ReadConsoleW
0x14002b250 FindFirstFileExW
0x14002b258 FindNextFileW
0x14002b260 IsValidCodePage
0x14002b268 GetACP
0x14002b270 GetOEMCP
0x14002b278 GetCommandLineA
0x14002b280 GetCommandLineW
0x14002b288 GetEnvironmentStringsW
0x14002b290 FreeEnvironmentStringsW
0x14002b298 GetProcessHeap
0x14002b2a0 SetStdHandle
0x14002b2a8 CreateFileW
0x14002b2b0 HeapSize
0x14002b2b8 WriteConsoleW
0x14002b2c0 RtlUnwind
EAT (Export Address Table): none